February 19, 2019
By Frank Downs, Director of Cybersecurity Practices, ISACA
One of the most concerning realities of interconnectivity today is the level of reliance that the world’s businesses and infrastructure have upon a constant, dependable connection to the internet. These “always-on” connections have led to incredible advancements in operational efficiencies, response times and organizations capabilities. However, they have come at the cost of creating a new attack vector for the malicious and larger susceptibilities for the incompetent. As such, the field of cybersecurity has become more relevant across all functional domains, to include the field of manufacturing.
As the human workforce shrinks in many manufacturing plants across the world, more and more automated and interconnected systems emerge. As such, certain cyberattacks against manufacturing processes have arisen, in certain cases, such as the Stuxnet attack, gaining worldwide coverage.
As these manufacturing organizations have entered a new world, overcast with a constant threat of attack, they have implemented new measures to protect themselves against malicious actors of all types. From Advanced Persistent Threats (APTs) to ransomware, manufacturing organizations have realized they are at risk from the same attacks the rest of the world experiences. In response, they have implemented specific measures to enhance their defensive postures against potential threats – and it shows. Based upon a recent survey conducted by ISACA and the Digital Manufacturing and Design Innovation Institute (DMDII), manufacturing organizations have revealed that they are taking positive steps in order to keep themselves safe in a cyber-infused operations world.
One of the positive developments that has occurred as the manufacturing world becomes more interconnected is the creation of formal processes for dealing with cyber incidents. These include documents such as incident response plans and disaster recovery plans. These policies are pivotal to organizations’ cyber capabilities. Specifically, an incident response plan provides guidelines to identify if an attack is occurring against an organization, in this case a manufacturer. These plans include manufacturing-specific considerations that are unique to each organization’s process, thus making them highly tuned tools to implement in case of an attack.
The disaster recovery plans are similar in that each plan is unique to the organization and includes considerations specific to each manufacturing process. These policies also ensure that proper and effective communication takes place when an incident occurs, confirming that the right people are made aware of an attack when it happens. Based upon an analysis of the ISACA/DMDII survey, the majority of responding manufacturing organizations, 78 percent, now have processes in place to respond to attacks when they occur. This includes ransomware attacks, wherein 68 percent of respondents indicated that they have specific responses in place to handle the encrypting attack.
Furthering the manufacturing sector’s growing cybersecurity confidence, of the organizations participating in the survey, 77 percent attest that they are confident in their security team’s ability to detect and respond to an advanced persistent threat (APT). These are threats that usually are defined by their prolonged and refined nature against a specific target set, in which attackers gain access to specific networks and remain undetected for extended periods of time. Since these threats traditionally have longer lifecycles and require greater resources, they are oftentimes viewed as government-funded organizations or big businesses. These APTs also are known for leveraging more sophisticated attacks that are harder to discover – making the confidence of the manufacturing industry a noteworthy metric.
While the faith that manufacturing organizations place on their security teams is not misplaced, it is important to remember that strong security teams are formed by strong people In that regard, the manufacturing industry suffers from the same ailments as other industries – good help is hard to find. Specifically, finding qualified, skilled cybersecurity professionals still proves difficult for manufacturing organizations, with the average job vacancy remaining open for five months. Additionally, the thrall of applicants has proven a mire to sort through, with 61 percent of respondent hiring managers indicating that less than half of the applicants applying for a cybersecurity job in manufacturing are qualified for the position. This creates a difficult hiring environment for organizations seeking skilled cybersecurity professionals and provides robust rationale for extending benefits that would increase retention, such as training and education opportunities.
Living in the reality of a growing cybersecurity skills shortage, the manufacturing industry has taken additional steps to ensure that the staff they have are trained and ready for potential cyber incidents. Specifically, when asked, 74 percent of respondents indicated that they believe their organization’s cybersecurity training budget would either increase or remain at its current level for 2019. This investment in the maintenance and enhancement of cybersecurity staff shows that manufacturing organizations take the threat of cyber incidents seriously.
While the overall picture of preparedness for cyberattacks is concerning and no single industry may ever be fully protected from all incidents, it is clear that the manufacturing field recognizes the threat that is faces. Through investing in training for key personnel, decreasing the potential threat posed by APTs, and developing and testing appropriate response strategies, manufacturing organizations are taking positive steps to navigate the new world of interconnectivity.
Frank Downs, Director of Cybersecurity Practices, ISACA